Wireless Security

PURPOSE

This policy establishes procedures for gaining secure access to wireless data communications on the Mont Alto campus data network.  Only wireless systems that meet the criteria of this policy or have been granted an exclusive waiver by the campus are approved for connectivity to the Mont Alto campus data network.

SCOPE

This policy covers all wireless data communication devices connected directly to the Mont Alto campus data networks. This includes any communication device capable of transmitting data packets. Wireless devices and/or data networks without any connectivity to Mont Alto campus data networks do not fall under the purview of this policy.

DEFINITIONS

Device – A computer, electronic tool or communication apparatus with the ability to connect to a data or communication network.
End-User Wireless Devices – Devices such as personal computers, PDAs, etc. that are used to access the Mont Alto data network wirelessly.
MAC (Hardware Address) – A unique address assigned by the device manufacture to all devices with network interface adapters both wired and wireless.  The address unique identified the device when connected to a data network.
User Authentication - A method by which the user of a wireless system can be verified as a legitimate user independent of the computer or operating system being used.
VPN (Virtual Private Network) – A technology used to allow a user or network to connect in a secure and virtual manner via open or public communication channels.  A VPN grants a remote user (e.g. working from home) secure access to local network services as if he/she were sitting in his/her office.
Wireless Infrastructure Devices – Devices such as access points, switches, wireless controllers, etc. that are used to provide wireless service to end-user wireless devices and facilitate the bridge between wireless and wired networks.

POLICY

To comply with this policy, wireless infrastructure devices must: 

• Only allow data network access via an approved University VPN or secure authentication solution (i.e. 802.1x) to ensure privacy, user authentication, and integrity of the wireless communications. 
• Separate wireless traffic originating from or destined to end-user wireless devices from other data communications on the Mont Alto campus data network.
• Be configured and managed only by authorized Mont Alto Information Technology personnel.

To comply with this policy, end-user wireless devices must:

• Maintain a hardware address that can be registered and tracked, i.e., a MAC (hardware) address.
• Utilize an approved University VPN solution to ensure privacy, user authentication, and integrity of the wireless communications.
• The use of network sniffing and eavesdropping tools is prohibited.

Enforcement

Wireless infrastructure devices or end-user wireless devices failing to comply with this policy will be disconnected from the campus data network; if applicable a hardware address will be blocked at the data network level.  Furthermore, any employee found to have violated this policy may be subject to disciplinary action by their administrative unit, the campus, or the University.

CROSS REFERENCE

Other policies that should also be referenced:

AD20 - Computer and Network Security
PSU-MA-ITS-000 – End User Computer Agreement
PSU-MA-ITS-004 – Acceptable Use and Security Policy

POLICY HISTORY

Ratified June 5, 2009